Hidden Frames
Frames are a popular method of hiding attack content due to their uniform browser support and easy coding style.
In his HTML code the attacker defines two frames. The first frame contains the legitimate site URL information, while the second frame, occupying 0% of the browser interface, runs malicious code. The page linked to within the hidden frame can be used to deliver additional content, to retrieve confidential information such as Session IDs, or to do something more advanced, such as screen-grabbing and key-logging while the user is exchanging confidential information over the Internet.
Here is a practical example of how frames can be used in a real-world scenario. If the attacker gives the frame for attacker.com 0% of the browser interface, he can cause much harm to your privacy. In the example, MSN is displayed in a second frame within the master frame showing Yahoo, using the following code:
<html>
<head>
<title>Frame Based Exploit Example</title>
</head>
<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0">
<iframe src="http://www.yahoo.com" width="100%" height="150" frameborder="0"></iframe>
<iframe src="http://www.msn.com" width="100%" height="350" frameborder="0"></iframe>
</body>
</html>
And here is the result......
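From the defender's side, the hidden-frame pattern described in this section (a frame or iframe given 0% of the browser interface) can be looked for in a page's markup. The following Python sketch is an added example, not part of the original article; the class and function names are hypothetical, and the sample pages with their `.example` domains are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A size that renders as nothing: "0", "0%", "0px", "0.0" ...
ZERO = re.compile(r"^\s*0+(\.0+)?\s*([a-z]+|%)?\s*$", re.I)
# Inline CSS that hides an element or collapses it to zero size.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*0+(\.0+)?\s*([a-z]+|%)?\s*(;|$)", re.I)

class HiddenFrameFinder(HTMLParser):
    """Collects (tag, src, reason) for every frame a visitor cannot see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "frameset":
            # rows="100%,0%" gives the second child frame no screen space.
            for axis in ("rows", "cols"):
                for i, size in enumerate(a.get(axis, "").split(",")):
                    if ZERO.match(size):
                        self.findings.append((tag, "", f"{axis}[{i}]={size.strip()}"))
        elif tag in ("frame", "iframe"):
            src = a.get("src", "")
            for dim in ("width", "height"):
                if ZERO.match(a.get(dim, "")):
                    self.findings.append((tag, src, f"{dim}={a[dim].strip()}"))
            css = HIDING_CSS.search(a.get("style", ""))
            if css:
                self.findings.append((tag, src, "style: " + css.group(0).strip("; ")))

def find_hidden_frames(html):
    """Return a list of (tag, src, reason) tuples for invisible frames."""
    finder = HiddenFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed samples (reserved .example domains, not taken from the page).
FRAMESET_PAGE = """<html><frameset rows="100%,0%">
<frame src="https://legit.example/"><frame src="https://attacker.example/x">
</frameset></html>"""
IFRAME_PAGE = """<body><iframe src="https://legit.example/" width="100%" height="150"></iframe>
<iframe src="https://attacker.example/x" style="width: 0; height:0;border:0"></iframe></body>"""

if __name__ == "__main__":
    print(find_hidden_frames(FRAMESET_PAGE) + find_hidden_frames(IFRAME_PAGE))
```

This is a static check of the markup as served; a frame that a script resizes or hides after the page loads will not appear in its findings.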
